path: root/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
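---
# Distribute-traffic check for the vpgn host.
#
# The play loads `trafficpresence` and `destinations` from the file named by
# ConfigFileName, picks the sink address that falls inside the CIDRs listed in
# /opt/config/protected_net_cidr.txt, and then uses tcpdump to verify that
# traffic towards that address is present (trafficpresence true) or absent
# (trafficpresence false).
#
# Values read from the config file and from the target host end up inside
# root-run shell commands, so they are passed through the `quote` filter
# before being templated into `shell`/`raw`.
- hosts: vpgn
  gather_facts: false
  remote_user: ubuntu
  tasks:

    - name: Install tcpdump, grepcidr
      apt:
        name: "{{ packages }}"
      vars:
        packages:
          - tcpdump
          - grepcidr
      become: true

    # ConfigFileName is not defined in this play.
    # NOTE(review): presumably supplied as an extra var by the caller; confirm.
    - include_vars: "{{ ConfigFileName }}"

    # Test the variable itself. The quoted form 'trafficpresence' is a string
    # literal, which is always defined, so that check could never fail.
    - debug:
        var: trafficpresence
      failed_when: trafficpresence is not defined

    - name: Get all Interfaces
      set_fact:
        interfaces: "{{ destinations[0].vservers | map(attribute='l-interfaces') | list }}"
    - name: Interfaces vserver 1
      set_fact:
        vserver1_interfaces: "{{ destinations[0].vservers[0]['l-interfaces'] | list }}"
    - name: Interfaces vserver 2
      set_fact:
        vserver2_interfaces: "{{ destinations[0].vservers[1]['l-interfaces'] | list }}"

    - block:
        - name: length interfaces vserver1
          set_fact:
            length1: "{{ vserver1_interfaces | length }}"
        - name: length interfaces vserver2
          set_fact:
            length2: "{{ vserver2_interfaces | length }}"

    # The vserver with three l-interfaces is treated as the sink and the one
    # with four as the firewall. The lengths are cast with `int` so that the
    # comparison holds whether set_fact stored them as strings or as integers.
    # If neither combination matches, sink_addresses stays undefined and the
    # "Concatenate sink_addresses" task below fails.
    - block:
        - name: adress 1 vserver
          set_fact:
            sink_addresses:
              - "{{ destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0] }}"
        - name: adress 2 vserver
          set_fact:
            fw_addresses:
              - "{{ destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[1]['l-interfaces'][3]['ipv4-addresses'][0] }}"
      when:
        - length1 | int == 3
        - length2 | int == 4

    - block:
        - name: adress 1 vserver
          set_fact:
            fw_addresses:
              - "{{ destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[0]['l-interfaces'][3]['ipv4-addresses'][0] }}"
        - name: adress 2 vserver
          set_fact:
            sink_addresses:
              - "{{ destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0] }}"
              - "{{ destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0] }}"
      when:
        - length1 | int == 4
        - length2 | int == 3

    - name: Concatenate sink_addresses
      set_fact:
        sink_addresses_conc: "{{ sink_addresses | join('\n') }}"

    # The addresses come from the config file. They are passed to printf as a
    # quoted argument with a fixed '%s\n' format, so they are neither parsed
    # by the shell nor interpreted as a printf format string.
    - name: Get sink IP fom json
      shell: >-
        printf '%s\n' {{ sink_addresses_conc | quote }}
        | grepcidr -f /opt/config/protected_net_cidr.txt
      register: sink_ip
      changed_when: false

    - debug:
        var: sink_ip.stdout

    # Takes the interface name from the `iface` line found up to two lines
    # before a line containing the 255.255.255.0 netmask. -F makes grep match
    # the netmask literally instead of treating each dot as a wildcard.
    - name: Find interface name
      shell: >-
        cat /etc/network/interfaces | grep -F 255.255.255.0 -B2
        | grep iface | awk '{print $2}'
      register: interface_name
      changed_when: false

    - name: Interface name
      debug:
        msg: 'interface_name {{ interface_name.stdout }}'

    # `| bool` also accepts a string value such as "true" from the config
    # file. With a strict `== true` / `== false` comparison a string value
    # would skip both check blocks and the play would pass without checking.
    - name: Traffic check if trafficpresence is TRUE
      when: trafficpresence | bool
      block:
        # Up to 15 two-second captures; stops at the first one that collects
        # 10 packets. Exit status: 0 traffic seen, 124 last capture timed out,
        # anything else is an error from sudo/timeout/tcpdump.
        # `seq` and the numeric `-eq`/`-ne` tests do not depend on bash.
        # NOTE(review): under `raw` the #!/bin/bash line is presumably just a
        # comment for the remote login shell; confirm.
        - name: Traffic check if trafficpresence is TRUE
          raw: |
            #!/bin/bash
            for i in $(seq 1 15)
            do
              sudo timeout 2 tcpdump -i {{ interface_name.stdout | quote }} dst {{ sink_ip.stdout | quote }} -c 10 > /dev/null 2>&1
              timeout_result=$?
              if [ "$timeout_result" -eq 0 ] ; then
                echo 'traffic present'
                break
              fi
            done
            if [ "$timeout_result" -eq 124 ] ; then
              echo 'traffic absent'
            elif [ "$timeout_result" -ne 0 ] ; then
              echo 'other error'
            fi
            exit $timeout_result
          register: traffic_check
          # The exit status is classified by the tasks that follow.
          ignore_errors: true
        - debug:
            msg: 'traffic absent {{ traffic_check.stdout_lines }} '
          when: traffic_check.rc == 124
          failed_when: traffic_check.rc == 124
        - debug:
            msg: 'traffic present {{ traffic_check.stdout_lines }} '
          when: traffic_check.rc == 0
        # Fail closed: an exit status other than 0 or 124 means the capture
        # itself did not run properly, so the check proved nothing.
        - name: Fail on an inconclusive traffic check
          fail:
            msg: 'traffic check inconclusive {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc not in [0, 124]

    - name: Traffic check if trafficpresence is FALSE
      when: not (trafficpresence | bool)
      block:
        # Up to 3 ten-second captures; stops at the first one that times out
        # without seeing a packet. Exit status: 124 no traffic, 0 a packet was
        # captured, anything else is an error from sudo/timeout/tcpdump.
        - name: Traffic check trafficpresence is FALSE
          raw: |
            #!/bin/bash
            for i in $(seq 1 3)
            do
              sudo timeout 10  tcpdump -i {{ interface_name.stdout | quote }} dst {{ sink_ip.stdout | quote }} -c 1 > /dev/null 2>&1
              timeout_result=$?
              if [ "$timeout_result" -eq 124 ] ; then
                echo 'traffic absent'
                break
              fi
            done
            if [ "$timeout_result" -eq 0 ] ; then
              echo 'traffic present'
            elif [ "$timeout_result" -ne 124 ] ; then
              echo 'other error'
            fi
            exit $timeout_result
          register: traffic_check
          # The exit status is classified by the tasks that follow.
          ignore_errors: true
        - debug:
            msg: 'traffic absent {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc == 124
        - debug:
            msg: 'traffic present {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc == 0
          failed_when: traffic_check.rc == 0
        # Fail closed: an exit status other than 0 or 124 means the capture
        # itself did not run properly, so absence of traffic was not shown.
        - name: Fail on an inconclusive traffic check
          fail:
            msg: 'traffic check inconclusive {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc not in [0, 124]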